Legal & Compliance Program

Mary Connaughton
Mary Connaughton
  • Updated

Legal and Compliance

RapidRatings operates a risk-based approach to its compliance and regulatory program by evaluating risks from a user, services, and geographical point of view. Our compliance program is strongly aligned with national and international laws (determined by jurisdictional presence of RapidRatings) such as anti-money laundering laws, anti-bribery laws, whistleblowing protections, etc.

In terms of our efforts in managing our compliance program the following are some of the key policies and procedures we have in place to empower us to have a unified and clear compliance program. Our compliance program has senior management backing as any successful program needs to have this backing in order to foster a companywide compliance friendly culture.

  • Whistleblower Protection Policy
  • Anti-Bribery and Corruption Policy
  • Corporate Social Responsibility Policy 
  • Code of Conduct
  • Employee Handbook
  • Employee Non-Disclosure Agreements
  • Vendor Management Policy
  • Privacy and Information Security Policies


Frequently Asked Questions

Below are some commonly asked questions from our customers and third parties in relation to our legal and compliance approach.


Do employees and subcontractors enter into an NDA before discussion or access to confidential information is provided?

Non-Disclosure Agreements (NDAs) are formal legal contracts between one or more parties and can take many forms. At RapidRatings, we have a policy that all employees must sign NDAs as a condition of their employment. We also require any subcontractor with access to either RapidRatings confidential information or RapidRatings systems will have an NDA in place before beginning services.  

It is generally accepted that while the employee remains employed with a business, he or she has a duty not to use any such confidential information for his/her own benefit or the benefit of a third party.

At RapidRatings, we have provisions in place to protect RapidRatings and our clients and maintain adequate legal protections through contractual provisions to prevent disclosure of information.


Are there backgrounds checks carried out on all employees?

At RapidRatings, we conduct employment eligibility checks on our employees to ensure that any employee of RapidRatings has the legal right to work in a jurisdiction and reside in a jurisdiction that RapidRatings has a presence in. Additionally, in the United States, RapidRatings conducts background checks on all employees, including criminal background checks, and may conduct additional checks depending on the role. 


Is there a dedicated Code of Conduct (Code of Business Ethics) in place?

Within RapidRatings, we abide by our own internal Code of Conduct that has been set at internationally approved standards and this is practiced by all our employees throughout our offices. The following core values are essential to RapidRatings and RapidRatings’ business:

  • Integrity
  • Mutual Respect
  • Teamwork
  • Communication
  • Innovation
  • Customer Satisfaction
  • Quality
  • Fairness
  • Compliance
  • Ethical Conduct

How does the organization view whistleblowers?

Ethical companies like RapidRatings make sure that they protect any whistleblower from unfair treatment and provide mechanisms to enable employees to speak out against anything that may be deemed unethical or illegal. Look for companies like RapidRatings who have dedicated corporate policies in place to protect “whistleblowers.”  

The RapidRatings Speak Up (Whistleblower) policy is complimented by a corporate Code of Conduct and also our Corporate Social Responsibility Policy. To further show our support, RapidRatings has published our Corporate Social Responsibility Policy on our website here:


What type of information security awareness training is provided?

Companies like RapidRatings take information security awareness training seriously by providing corporate security and data protection awareness training to all employees. We also provide more specific security training to employees in certain departments such as the client support teams and IT teams.


What is the rate of compliance when it comes to training employees on issues such as information security and privacy?

We are delighted to state that we have obtained the golden standard when it comes to implementing a training program for RapidRatings’ employees in that we have obtained 100% compliance rate from all staff. All employees regardless of their position have completed and are regularly required to complete training on key areas of the business such as information security, data protection, employment obligations etc.


What level of involvement do senior management/representatives of the board of directors have regarding the organization’s compliance efforts?

RapidRatings has several internal committees that are responsible for different sectors of RapidRatings commercial, technology, and compliance operations. These committees are independent of one another and meet up (whether in person or virtually) on a regular basis and at a minimum on a quarterly basis to ensure that all members are abreast of the current position of RapidRatings.

In addition, the committees determine whether there needs to be any changes to RapidRatings policies and procedures. These committees therefore have an internal audit function which is necessary to ensure that any policies and procedures that RapidRatings implements does not become outdated and irrelevant to RapidRatings commercial operations.

At RapidRatings we know that any compliance/technical committee success depends on the commitment of senior management to the committee and this explains that members of such committees within RapidRatings include the CEO, CTO, GC and another senior heads of departments.


Is there a regularly updated employee handbook in effect?

Yes, RapidRatings maintains employee handbooks that viewed on approximately an annual basis. Some policies and procedures are reviewed more regularly, and this is because of one or more triggering events taking place. Examples of trigger events include: changes in laws, changes in organization structure, and change in technology, etc. 


What are the approaches taken by the organization to reduced risk associated with remote workers?

Remote employee arrangements can raise concerns, including: loss of control, fear of productivity drops, and reduced security.

To address these issues, below are some of the practices utilized by RapidRatings in managing remote employees:

  • Make use of tracking and monitoring technology
  • Use video conferencing
  • Plan and organize ahead of time
  • Manage by objectives
  • Interact with staff on regular basis

Should you have any questions about our general compliance approach please do not hesitate to contact our legal department at



Was this article helpful?

2 out of 2 found this helpful

Have more questions? Submit a request